github.com/hernad/nomad@v1.6.112/command/operator_root_keyring.go

github.com/hernad/nomad@v1.6.112/command/operator_root_keyring.go (about)

     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  package command
     5  
     6  import (
     7  	"fmt"
     8  	"strings"
     9  
    10  	"github.com/mitchellh/cli"
    11  	"github.com/posener/complete"
    12  
    13  	"github.com/hernad/nomad/api"
    14  )
    15  
    16  // OperatorRootKeyringCommand is a Command implementation
    17  // that handles querying, rotating, and removing root
    18  // encryption keys from a keyring.
    19  type OperatorRootKeyringCommand struct {
    20  	Meta
    21  }
    22  
    23  func (c *OperatorRootKeyringCommand) Help() string {
    24  	helpText := `
    25  Usage: nomad operator root keyring [options]
    26  
    27    Manages encryption keys used for storing variables and signing workload
    28    identities. This command may be used to examine active encryption keys
    29    in the cluster, rotate keys, add new keys from backups, or remove unused keys.
    30  
    31    If ACLs are enabled, all subcommands requires a management token.
    32  
    33    Rotate the encryption key:
    34  
    35        $ nomad operator root keyring rotate
    36  
    37    List all encryption key metadata:
    38  
    39        $ nomad operator root keyring list
    40  
    41    Remove an encryption key from the keyring:
    42  
    43        $ nomad operator root keyring remove <key ID>
    44  
    45    Please see individual subcommand help for detailed usage information.
    46  `
    47  	return strings.TrimSpace(helpText)
    48  }
    49  
    50  func (c *OperatorRootKeyringCommand) Synopsis() string {
    51  	return "Manages root encryption keys"
    52  }
    53  
    54  func (c *OperatorRootKeyringCommand) AutocompleteFlags() complete.Flags {
    55  	return c.Meta.AutocompleteFlags(FlagSetClient)
    56  }
    57  
    58  func (c *OperatorRootKeyringCommand) AutocompleteArgs() complete.Predictor {
    59  	return complete.PredictNothing
    60  }
    61  
    62  func (c *OperatorRootKeyringCommand) Name() string {
    63  	return "root keyring"
    64  }
    65  
    66  func (c *OperatorRootKeyringCommand) Run(args []string) int {
    67  	return cli.RunResultHelp
    68  }
    69  
    70  // renderVariablesKeysResponse is a helper for formatting the
    71  // keyring API responses
    72  func renderVariablesKeysResponse(keys []*api.RootKeyMeta, verbose bool) string {
    73  	length := fullId
    74  	if !verbose {
    75  		length = 8
    76  	}
    77  	out := make([]string, len(keys)+1)
    78  	out[0] = "Key|State|Create Time"
    79  	i := 1
    80  	for _, k := range keys {
    81  		out[i] = fmt.Sprintf("%s|%v|%s",
    82  			k.KeyID[:length], k.State, formatUnixNanoTime(k.CreateTime))
    83  		i = i + 1
    84  	}
    85  	return formatList(out)
    86  }